Protect WordPress Against Malicious URL Requests

Around early September last year, many WordPress sites were infected with malicious codes. They appeared in many forms and attacked certain files such as index.php, wp-config.php and etc. Removing the injected line of malicious codes manually and updating WordPress to the newest version was some of the only way to recover. Recently, we came across this one plugin that may prevent those from happening again.

Jeff Starr from Perishable Press has come with a solution to protect WordPress from these kind of attacks. He discovered a line of codes from a plugins and came up with new script that checks for excessively long request strings (i.e., greater than 255 characters), as well as the presence of either “eval(” or “base64” in the request URI. These sorts of nefarious requests were implicated in the September 2009 WordPress attacks. He recommended this script below to be added in WordPress plugins and be activated.

Copy and paste the script above in a notepad. Save the script with a name. Eg: blockbadqueries.php and put it in a folder with the same name. Upload the whole folder to the plugin directory. Eg: wp-content/plugins/blockbadqueries

Then simply activate the plugin. There you go!

Note:

In addition to that, he also came up with a total security solution that is still in beta level and he named it as 4G Blacklist. To view this total security solution, continue to his site and read the progress of the 4G Blacklist.

WPTidBits is a website that focuses mainly on Wordpress development and very small part of issues that may be out-of -topic. It may include tutorials, web trends, general news and technology, how to’s and list of inspirational sites on the net.